CVE-2005-2885

MAXdev MD-Pro 1.0.73 - Remote Command Execution via Incomplete File Extension Blacklist Bypass

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2885. PoCs published by rgod.

AI-analyzed exploit summary: This exploit leverages a file upload vulnerability in MAXdev MD-Pro caused by a blacklist-based extension filter. An attacker can upload a malicious PHP file with a .inc extension and achieve remote code execution (RCE) by passing arbitrary commands through a GET parameter.

Description

The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which could allow remote attackers to bypass file extension checks and execute arbitrary commands by uploading a file with a different extension, as demonstrated using .inc files.

Exploits (1)

exploitdb WORKING POC VERIFIED
by rgod · text · webapps · php
https://www.exploit-db.com/exploits/26225

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: MAXdev MD-Pro
No auth needed
Prerequisites: Access to the file upload functionality · Web server with write permissions in the upload directory
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14750
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16731/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/22199
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112603835317458&w=2

Scores

EPSS 0.0894
EPSS Percentile 94.6%

Details

Status: published
Products (1): maxdev/md-pro 1.0.73
Published: Sep 14, 2005
Tracked Since: Feb 18, 2026